Versions Compared

Old Version 10

changes.mady.by.user Scott Cantor

Saved on

compared with

New Version Current

changes.mady.by.user Scott Cantor

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Shibboleth Developer's Meeting, September 6, 2013

Attendees:  Scott, Daniel, Brent, Tom, Marvin, Paul, Nate, Ian

Call Administrivia

Dial-in attendee identification.

...

60 to 90 minute call window.


Brent

Continuing to work on metadata resolver refactoring.  Conversion to MetadataResolver API and pre-processing model is largely complete.  Main outstanding issue is design of how/where to do per-node processing for things like EntitiesDescriptor@Name and shib:KeyAuthority.  A concern and desirable goal is to reduce unnecessary treewalking. Choices are:

  • New plugin abstractions for MetadataResolver itself
  • MetadataFilter impl which does 1 treewalk and takes plugins similar to #1
  • Just implement each as a MetadataFilter unto itself, so each does own treewalk.  Advantage is no new abstractions.

Refactored MetadataCredentialResolver to use new credential caching mechanism based on XMLObject#getObjectMetadata class-to-instance multimap.

Refactored HTTP metadata resolvers to use Apache HttpClient v4.  Some TODO's remaining around capabilities differences to v3 client.

Daniel

 Also a variety of other interface and base class impl cleanup; removing old interfaces, etc;  simplifying and fixing up the ChainingMetadataResolver.

Next up: finalize and implement the plugin processing above.  Finish up HttpClient refactoring. Start on dynamic metadata resolver.

 

Daniel

Connected with Rod to get Velocity template work done for RDBMS connector

Next up, LDAP security config and LDAP authentication

Ian

  • eduGAIN and Shibboleth services 
  • Jenkins and nightly build plan
  • Metadata Aggregator

...

Completed first batch of authentication work, documented at Authentication and Session Management

  • Context design
  • Configuration and selection of flows
  • SSO via active results pulled from session (session itself is TBD)
  • Implemented and tested flows for IP authn, asserted RemoteUser or header, and form/basic-auth to JAAS
  • Successful integration of nested subflows for Authentication into MVC profile testbed
  • Explored error handling a bit
  • Handling of AuthnContext, including non-exact matching

...